[dundee] Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability

[gordon dunlop]

2008/12/14 Sean McRobbie <lug at seany.us>:
> Dammit! There goes uptimes....
>
> Any idea how this affects OpenVZ & Xen containers?
>
The Xen and OpenVZ kernels are modified Linux kernels therefore the
presumption is that the vulnerability will also be present in your Xen
and OpenVZ kernels and will have to be patched. You will also have to
patch your Xen VM's.

Gordon


> Issues like this always have to come up just before exams don't they?
>
> Regards,
> Sean McRobbie
>
> ----- Original Message -----
> From: "Arron Finnon" <afinnon at googlemail.com>
> To: dundee at lists.lug.org.uk
> Sent: Sunday, 14 December, 2008 22:00:33 GMT +00:00 GMT Britain, Ireland, Portugal
> Subject: Re: [dundee] Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability
>
> Bit More info if anyone is interested
>
> 18. Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability
> BugTraq ID: 32759
> Remote: No
> Date Published: 2008-12-10
> Relevant URL: http://www.securityfocus.com/bid/32759
> Summary:
> The Linux kernel is prone to a local buffer-overflow vulnerability
> because it fails to perform adequate boundary checks on user-supplied
> data.
>
> Local attackers may be able to exploit this issue to crash the
> affected kernel, denying service to legitimate users. Given the nature
> of this issue, attackers may also be able to run arbitrary code, but
> this has not been confirmed.
>
> Versions prior to the Linux kernel 2.6.28-rc1 are vulnerable.
>
> _______________________________________________
> dundee GNU/Linux Users Group mailing list
> dundee at lists.lug.org.uk  http://dundee.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/dundee
> Chat on IRC, #tlug on dundee.lug.org.uk
>
> _______________________________________________
> dundee GNU/Linux Users Group mailing list
> dundee at lists.lug.org.uk  http://dundee.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/dundee
> Chat on IRC, #tlug on dundee.lug.org.uk